National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2006-4343 Detail

Current Description

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.

Source:  MITRE
Description Last Modified:  09/28/2006
View Analysis Description

Impact

CVSS v2.0 Severity and Metrics:

Base Score: 4.3 MEDIUM
Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P) (V2 legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6


Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): None
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Additional Information:
Victim must voluntarily interact with attack mechanism
Allows disruption of service

Evaluator Solution

This vulnerability is addressed in the following product releases: OpenSSL Project, OpenSSL, 0.9.7l (or later) OpenSSL Project, OpenSSL, 0.9.8d (or later)

Vendor Statements (disclaimer)

Official Statement from Red Hat (03/14/2007)

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc Third Party Advisory
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc Third Party Advisory
http://docs.info.apple.com/article.html?artnum=304829 Third Party Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 Broken Link
http://issues.rpath.com/browse/RPL-613 Broken Link
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 Broken Link
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 Broken Link
http://kolab.org/security/kolab-vendor-notice-11.txt Broken Link
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html Mailing List Third Party Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049715.html Mailing List Third Party Advisory
http://lists.vmware.com/pipermail/security-announce/2008/000008.html Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=130497311408250&w=2 Mailing List Third Party Advisory
http://openbsd.org/errata.html#openssl2 Third Party Advisory
http://openvpn.net/changelog.html Third Party Advisory
http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc Third Party Advisory
http://security.gentoo.org/glsa/glsa-200610-11.xml Third Party Advisory
http://securitytracker.com/id?1016943 Third Party Advisory VDB Entry
http://securitytracker.com/id?1017522 Third Party Advisory VDB Entry
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.676946 Mailing List Third Party Advisory
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227 Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1 Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1 Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1 Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2006-220.htm Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm Third Party Advisory
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html Third Party Advisory
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml Third Party Advisory
http://www.debian.org/security/2006/dsa-1185 Third Party Advisory
http://www.debian.org/security/2006/dsa-1195 Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml Third Party Advisory
http://www.ingate.com/relnote-452.php Broken Link
http://www.kb.cert.org/vuls/id/386964 Patch Third Party Advisory US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:172 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178 Broken Link
http://www.novell.com/linux/security/advisories/2006_24_sr.html Broken Link
http://www.novell.com/linux/security/advisories/2006_58_openssl.html Broken Link
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.021-openssl.html Third Party Advisory
http://www.openssl.org/news/secadv_20060928.txt Patch Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2006-0695.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0629.html Third Party Advisory
http://www.securityfocus.com/archive/1/447318/100/0/threaded
http://www.securityfocus.com/archive/1/447393/100/0/threaded
http://www.securityfocus.com/archive/1/456546/100/200/threaded
http://www.securityfocus.com/archive/1/489739/100/0/threaded
http://www.securityfocus.com/bid/20246 Patch Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/22083 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/28276 Third Party Advisory VDB Entry
http://www.serv-u.com/releasenotes/ Third Party Advisory
http://www.ubuntu.com/usn/usn-353-1 Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA06-333A.html Third Party Advisory US Government Resource
http://www.vmware.com/security/advisories/VMSA-2008-0005.html Third Party Advisory
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html Third Party Advisory
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html Third Party Advisory
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html Third Party Advisory
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html Third Party Advisory
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html Third Party Advisory
http://www.vmware.com/support/player/doc/releasenotes_player.html Third Party Advisory
http://www.vmware.com/support/player2/doc/releasenotes_player2.html Third Party Advisory
http://www.vmware.com/support/server/doc/releasenotes_server.html Third Party Advisory
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Third Party Advisory
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Third Party Advisory
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html Third Party Advisory
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html Third Party Advisory
http://www.vupen.com/english/advisories/2006/3820 Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2006/3860 Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2006/3869 Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2006/3902 Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2006/3936 Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2006/4036 Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2006/4264 Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2006/4401 Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2006/4417 Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2006/4443 Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2006/4750 Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2007/0343 Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2007/1401 Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2007/1973 Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2007/2783 Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2008/0905/references Permissions Required Third Party Advisory
http://www.xerox.com/downloads/usa/en/c/cert_ESSNetwork_XRX07001_v1.pdf Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/29240 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10207 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4356 Third Party Advisory
https://www.exploit-db.com/exploits/4773 Third Party Advisory VDB Entry
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144 Broken Link

References to Check Content

Identifier:
oval:org.mitre.oval:def:10207
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10207
Identifier:
oval:org.mitre.oval:def:4356
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:4356

Technical Details

Vulnerability Type (View All)

  • NULL Pointer Dereference (CWE-476)

Change History

5 change records found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2006-4343
NVD Published Date:
09/28/2006
NVD Last Modified:
10/17/2018